Solved

Old objects in AD

Posted on 2007-12-03
6
243 Views
Last Modified: 2010-04-21
Hello,

I have some computer accounts in Active Directory that are probably no longer valid. I am looking for an easy way to scan and verify this so that they may be removed. It would be nice to find the last time they actually logged into the domain. Any ideas? Thanks!
0
Comment
Question by:jbyrd1981
6 Comments
 
LVL 4

Expert Comment

by:AGCIT
ID: 20400211
dsquery will do it. you have to have a critery though, like 90 days inactivity or such...

http://www.windowsnetworking.com/kbase/WindowsTips/Windows2003/AdminTips/Admin/PruningOldComputerAccountsinAD.html

I recently wrote one for users
0
 
LVL 20

Accepted Solution

by:
Lazarus earned 500 total points
ID: 20400216
Use OLDCMP: you can get it at http://joeware.net works well for your needs. It's command line though.
0
 
LVL 20

Expert Comment

by:Lazarus
ID: 20400222
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 
LVL 4

Expert Comment

by:AGCIT
ID: 20400231
(Spelling) Criteria. Sorry,

Echo off
FOR /F "TOKENS=1* DELIMS= " %%A IN ('DATE/T') DO SET CDATE=%%B
FOR /F "TOKENS=1,2 eol=/ DELIMS=/ " %%A IN ('DATE/T') DO SET mm=%%B
FOR /F "TOKENS=1,2 DELIMS=/ eol=/" %%A IN ('echo %CDATE%') DO SET dd=%%B
FOR /F "TOKENS=2,3 DELIMS=/ " %%A IN ('echo %CDATE%') DO SET yyyy=%%B
SET date=%mm%%dd%%yyyy%
dsquery user -Inactive 12 ou=exited,ou=employeeexits,dc=domain,dc=com -limit 0 > "M:\path\%date%.Xls" | DSRM -noprompt

In this case it was for users, 12 weeks inactive, log it into an excel sheet, and the DSRM is the remove automatically
0
 
LVL 1

Expert Comment

by:chipbunker
ID: 20400346
Without reinventing the wheel, I was able to find a couple sites that might assist you in retrieving the information you need to find the old computer accounts in active directory.

http://www.visualbasicscript.com/m_24625/mpage_1/key_/tm.htm
http://www.petri.co.il/forums/showthread.php?t=8973
0
 
LVL 1

Author Closing Comment

by:jbyrd1981
ID: 31412494
Thanks! I believe that this is what I was looking for.
0

Featured Post

Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Is your Office 365 signature not working the way you want it to? Are signature updates taking up too much of your time? Let's run through the most common problems that an IT administrator can encounter when dealing with Office 365 email signatures.
This script can help you clean up your user profile database by comparing profiles to Active Directory users in a particular OU, and removing the profiles that don't match.
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …

777 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question